-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Aloha!
Jacob wrote: > I fully understand the trust gained by having a custom made external > analog TRNG as we do here, but wouldn't be better to XOR the > bitstream received from our generator with the one embedded in the > CPU(*)? I mean, if the CPU 's TRNG is tainted, we will not be worse > off, and if it is not, the board will probably exhibit higher > security in case our generator would have some issues. It would reduce the performance since you would add additional instructions to execute for every word you read out from the TRNG. It might also open up for side channel issues if you could predict the values from the ST RNG. I could accept using the ST RNG as an additional entropy source the cpu could write into the TRNG. The quality of the output from the TRNG should be (and seems to be) good enough to not start messing with it. - -- Med vänlig hälsning, Yours Joachim Strömbergson - Alltid i harmonisk svängning. ======================================================================== Joachim Strömbergson Secworks AB joac...@secworks.se ======================================================================== -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBCAAGBQJWd7d5AAoJEF3cfFQkIuyNs3kP/RpU0hW6F5AlMCUShS4EsDZH 4+a3HfulBLR7ExQg1jdSezVoY5WqSKiLFFw1IFtAeuQ9I9P283EclRUDAW3YWI+F OwWgoVgUnFgeYynr0T7KSD66yTpSRq19HJByhslryL9yPKHNNgiG7bUzFQ+EgGsg OgKoof02AvW6iOREsBjZQNWQbf96qOQnZw98ax9Sw+sjYnyc/q66V7Q1zXONiVaB uPt5N2hxIXhwDbE4xVx1/pdrBpEyE+KEX/LCC7Vh6duAprBB5TXKUCyMnj1NGCwy zzNYwJGWuhjzMcCKTYRCFW5cmVV1IPxo39ipJsagIYTBLw6/RomdlS5UQdDJKWoo uNLUW8B3Q/0HzYoEz6/JJoonBmfU7z03Dad0uUgmUhIu1B/SGKZn2/ij5jld80cH KI9fi6OsqLNTq0mQWE/whFnHQJYHJzh0cKf1Dyp4sIIYK1MXzJ0ntKr+zAi5kCUA 8bBEuQI7ZOT4jydKAtOc6R1q4Cwu/YjJhznhktaGBSUYkfz+nCH0HcXJ40SX4jbZ 0ixQFA18vLb+yGw0v9kHjca9J7D8evN4GKw3xSFEqkt4MUVZjhX7GnegTX0U7kt0 xADBz3kXcaeT7Ci7EDArgL0HxNB1CeZoWllgn8jWhyTPV0NCBIkwclxLZjYCR2dI w8HCt1LeFo1RycfB+qjR =1NiP -----END PGP SIGNATURE----- _______________________________________________ Tech mailing list Tech@cryptech.is https://lists.cryptech.is/listinfo/tech
